Information Assurance Consultant

MASS Branded
Negotiable dependent upon experience
19 Apr 2017
25 Apr 2017
An Information Assurance Consultant is required to join a growing team which provides security assurance services to a range of public and private sector clients, as well as supporting the Company's internal security operations. Work content will include the preparation and review of security assurance artefacts, the provision of security advice and consultancy, attendance at meetings and working autonomously on projects, and the scoping and undertaking of technical audits including Cyber Essentials technical assessments, with occasional travel to client sites. The preferred candidate will hold CCP in one or more roles and will have demonstrable experience in information and IT security, risk assessment and management methodologies, an in-depth technical understanding of secure IT system architecture, and the production of RMADS and HMG Information Assurance processes. A good understanding of the application of security controls to IT systems and conversance with HMG / NCSC IA publications and ISO 27001 are essential. The successful candidate will be a strong team player with excellent communication skills, and will be required to hold, or be in a position to qualify for, Developed Vetting (DV) Security Clearance.

Mandatory Skills:

Knowledge of CAPS / CPA / Common Criteria products.

At least one of the following recognised IT Security certifications: CISSP, CISM, CISA, ISO 27001.

CCP certification in one of the following: CCP Accreditor, IA Architect, IA Auditor, ISSO, SIRA.

At least one of the following recognised Risk Assessment or Risk Management certifications or training: HMG IS1&2, CRISC, COBIT, ISO27005, Octave.

Demonstrable knowledge of HMG accreditation process, ISO27000 series, NCSC IA portfolio, End User Device security strategy: Security Policy Framework, Gov.UK Cyber Security Guidance and controls.

Competent in the use of the MS Office suite.

Demonstrate a good understanding of the business relevance of information risks and the current trends and growths in information security.

Demonstrate the ability to explain business principles of secure system designs in terms of business risk.

Subject matter expertise in an element of information risk management, accreditation, governance or compliance.

Ability to produce security cases, accreditation evidence artefacts and documentation to support Accreditor approvals.

Awareness of ITHC requirements and analysis of results.

Conducting Compliance Audits. An ability to explain secure system designs in terms of business risk.

Hold a full UK driving licence.

Desirable Skills:

CompTIA A+.

Cyber Essentials Auditor/Technical Assessor.

Familiarity with:
JSP 440 MOD Manual of Security;
Industrial Control Systems (SCADA) security and risks;
JSP 604 Defence Manual for Information and Communications Technologies (ICT);
General Data Protection Regulation (GDPR).

Familiar with the following Risk tools:
Risk tool methodology.

Previous role as an Accreditor.

CPNI CMAT framework.

Business Continuity and Disaster Recovery Planning.

Knowledge of PSN.

Experience in writing or updating information assurance operating policies and compliance procedures.

Ability to take a rounded view of security issues and make risk judgements across the relevant scope.

Penetration Testing.

Performance of IT security audits.